- About Us
- Information Technology
- Contact Us
Report Fraud, Waste, or Abuse
The following are highlights of our work during the October 1, 2016–March 31, 2017 semiannual reporting period.
Willingness to Share Divergent Views About Large Financial Institution Supervision Activities. Employees' willingness to share views varies by Federal Reserve Bank and among supervision teams at the same Reserve Bank. Leadership and management approaches play a major role in influencing employees' comfort level in sharing views.
The CFPB's Contract Award Controls and Processes. The CFPB generally complies with contract award laws, regulations, and agency policies and procedures, but some reviews and approvals were overlooked or not documented as required, and other controls and processes can be improved.
The CFPB's Controls for Identifying and Avoiding Conflicts of Interest Related to Vendor Activities. The CFPB can strengthen its controls for identifying and avoiding potential conflicts of interest associated with using vendors to support fair lending compliance and enforcement analysis. The agency should also evaluate whether to perform more fair lending enforcement analysis internally.
The Board's Use of Continuous Monitoring as a Supervisory Tool. Although the Board and the Reserve Banks have multiple documents that address the expectations for certain aspects of continuous monitoring, the Board has not issued guidance that harmonizes these expectations across its supervisory portfolios and the Reserve Banks.
The Board's Information Security Program. The Board has taken several steps to mature its information security program to ensure that it is consistent with Federal Information Security Modernization Act of 2014 (FISMA) requirements. However, the Board's information security program needs several improvements in the areas of risk management, identity and access management, security and privacy training, and incident response.
The CFPB's Information Security Program. The CFPB has taken several steps to mature its information security program to ensure that it is consistent with FISMA requirements. However, the CFPB's information security program needs several improvements in the areas of risk management, identity and access management, and contingency planning.
Audits FAQsSee common Audits questions and answers.
Audit ReportsView a sortable list of audits, evaluations, and other reviews.